From: Nathan Chancellor <nathan@kernel.org>
To: Kees Cook <kees@kernel.org>
Cc: Masahiro Yamada <masahiroy@kernel.org>,
Nicolas Schier <nicolas.schier@linux.dev>,
Petr Pavlu <petr.pavlu@suse.com>,
Sebastian Andrzej Siewior <bigeasy@linutronix.de>,
linux-kbuild@vger.kernel.org,
Justin Stitt <justinstitt@google.com>,
Marco Elver <elver@google.com>,
Andrey Konovalov <andreyknvl@gmail.com>,
Andrey Ryabinin <ryabinin.a.a@gmail.com>,
linux-kernel@vger.kernel.org, linux-hardening@vger.kernel.org,
kasan-dev@googlegroups.com
Subject: Re: [PATCH 2/3] randstruct: Force full rebuild when seed changes
Date: Fri, 2 May 2025 09:12:09 -0700 [thread overview]
Message-ID: <20250502161209.GA2850065@ax162> (raw)
In-Reply-To: <20250501194826.2947101-2-kees@kernel.org>
Hi Kees,
On Thu, May 01, 2025 at 12:48:17PM -0700, Kees Cook wrote:
> While the randstruct GCC plugin was being rebuilt if the randstruct
> seed changed, Clangs build did not notice the change. Include the hash
> header directly so that it becomes a universal build dependency and full
> rebuilds will happen if it changes.
>
> Signed-off-by: Kees Cook <kees@kernel.org>
> ---
> Cc: Masahiro Yamada <masahiroy@kernel.org>
> Cc: Nathan Chancellor <nathan@kernel.org>
> Cc: Nicolas Schier <nicolas.schier@linux.dev>
> Cc: Petr Pavlu <petr.pavlu@suse.com>
> Cc: Sebastian Andrzej Siewior <bigeasy@linutronix.de>
> Cc: <linux-kbuild@vger.kernel.org>
> ---
> include/linux/vermagic.h | 1 -
> scripts/Makefile.randstruct | 3 ++-
> scripts/basic/Makefile | 11 ++++++-----
> 3 files changed, 8 insertions(+), 7 deletions(-)
>
> diff --git a/include/linux/vermagic.h b/include/linux/vermagic.h
> index 939ceabcaf06..335c360d4f9b 100644
> --- a/include/linux/vermagic.h
> +++ b/include/linux/vermagic.h
> @@ -33,7 +33,6 @@
> #define MODULE_VERMAGIC_MODVERSIONS ""
> #endif
> #ifdef RANDSTRUCT
> -#include <generated/randstruct_hash.h>
> #define MODULE_RANDSTRUCT "RANDSTRUCT_" RANDSTRUCT_HASHED_SEED
> #else
> #define MODULE_RANDSTRUCT
> diff --git a/scripts/Makefile.randstruct b/scripts/Makefile.randstruct
> index 24e283e89893..ab87219c6149 100644
> --- a/scripts/Makefile.randstruct
> +++ b/scripts/Makefile.randstruct
> @@ -12,6 +12,7 @@ randstruct-cflags-y \
> += -frandomize-layout-seed-file=$(objtree)/scripts/basic/randstruct.seed
> endif
>
> -export RANDSTRUCT_CFLAGS := $(randstruct-cflags-y)
> +export RANDSTRUCT_CFLAGS := $(randstruct-cflags-y) \
> + -include $(objtree)/scripts/basic/randstruct_hash.h
As the kernel test robot points out (on a report that you weren't
included on for some reason...), this breaks the build in several
places on next-20250502.
https://lore.kernel.org/202505021409.yC9C70lH-lkp@intel.com/
$ make -skj"$(nproc)" ARCH=arm LLVM=1 clean allmodconfig arch/arm/vdso/vgettimeofday.o
clang: error: cannot specify -o when generating multiple output files
There are places in the kernel that filter out RANDSTRUCT_CFLAGS and
this appears to cause other '-include' flags to be filtered out as well,
such as the one in the efistub that includes hidden.h.
> KBUILD_CFLAGS += $(RANDSTRUCT_CFLAGS)
> diff --git a/scripts/basic/Makefile b/scripts/basic/Makefile
> index dd289a6725ac..31637ce4dc5c 100644
> --- a/scripts/basic/Makefile
> +++ b/scripts/basic/Makefile
> @@ -8,9 +8,10 @@ hostprogs-always-y += fixdep
> # before running a Clang kernel build.
> gen-randstruct-seed := $(srctree)/scripts/gen-randstruct-seed.sh
> quiet_cmd_create_randstruct_seed = GENSEED $@
> -cmd_create_randstruct_seed = \
> - $(CONFIG_SHELL) $(gen-randstruct-seed) \
> - $@ $(objtree)/include/generated/randstruct_hash.h
> -$(obj)/randstruct.seed: $(gen-randstruct-seed) FORCE
> + cmd_create_randstruct_seed = $(CONFIG_SHELL) $(gen-randstruct-seed) \
> + $(obj)/randstruct.seed $(obj)/randstruct_hash.h
> +
> +$(obj)/randstruct_hash.h $(obj)/randstruct.seed: $(gen-randstruct-seed) FORCE
> $(call if_changed,create_randstruct_seed)
> -always-$(CONFIG_RANDSTRUCT) += randstruct.seed
> +
> +always-$(CONFIG_RANDSTRUCT) += randstruct.seed randstruct_hash.h
> --
> 2.34.1
>
next prev parent reply other threads:[~2025-05-02 16:12 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2025-05-01 19:48 [PATCH 0/3] Detect changed compiler dependencies for full rebuild Kees Cook
2025-05-01 19:48 ` [PATCH 1/3] gcc-plugins: Force full rebuild when plugins change Kees Cook
2025-05-02 9:55 ` kernel test robot
2025-05-02 20:39 ` Kees Cook
2025-05-01 19:48 ` [PATCH 2/3] randstruct: Force full rebuild when seed changes Kees Cook
2025-05-02 16:12 ` Nathan Chancellor [this message]
2025-05-02 22:57 ` Kees Cook
2025-05-01 19:48 ` [PATCH 3/3] integer-wrap: Force full rebuild when .scl file changes Kees Cook
-- strict thread matches above, loose matches on Subject: below --
2025-05-02 6:57 [PATCH 2/3] randstruct: Force full rebuild when seed changes kernel test robot
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20250502161209.GA2850065@ax162 \
--to=nathan@kernel.org \
--cc=andreyknvl@gmail.com \
--cc=bigeasy@linutronix.de \
--cc=elver@google.com \
--cc=justinstitt@google.com \
--cc=kasan-dev@googlegroups.com \
--cc=kees@kernel.org \
--cc=linux-hardening@vger.kernel.org \
--cc=linux-kbuild@vger.kernel.org \
--cc=linux-kernel@vger.kernel.org \
--cc=masahiroy@kernel.org \
--cc=nicolas.schier@linux.dev \
--cc=petr.pavlu@suse.com \
--cc=ryabinin.a.a@gmail.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.